TL;DR: Agentic AI systems can retrieve data, call APIs, use tools, and take actions autonomously, so access control must be embedded into workflows from the start, according to PlainID and Gartner research. The real security problem is not agent capability alone, but whether runtime authorization, traceability, and least privilege can keep pace with autonomous decisions.
NHIMG editorial — based on content published by PlainID: ALL NEW Agentic Identity Platform Secured by Design: Building Trustworthy Agentic AI from the Ground Up
By the numbers:
- Gartner predicts that more than 50% of successful cyberattacks against AI agents through 2029 will exploit access control weaknesses.
- The average cost of a UK data breach reached £4.53 million, according to Gartner’s 2025 research.
- PlainID supports 35M+ managed identities with 99.99% uptime.
Questions worth separating out
Q: How should security teams implement runtime authorization for AI agents?
A: Security teams should enforce authorization at the moment an agent requests a tool, API, or data action, not just when the agent is created or authenticated.
Q: Why do AI agents complicate least privilege for IAM teams?
A: AI agents complicate least privilege because their access is not limited to a single role or application.
Q: How do organisations know if agentic access controls are working?
A: They know controls are working when every autonomous action can be traced back to an approved policy decision, and when the agent cannot exceed its purpose by combining separate low-risk permissions.
Practitioner guidance
- Move authorization into the execution path Evaluate each agent tool call, API request, and data retrieval at runtime before the action is allowed to proceed.
- Model privilege by workflow, not by account alone Map the full chain from prompt to tool to data source to response, then assign the minimum effective access required for that chain.
- Log autonomous actions with audit-grade context Capture the decision, the tool invoked, the data accessed, and the resulting action in a single trace.
What's in the full article
PlainID's full article covers the operational detail this post intentionally leaves for the source:
- A practical breakdown of how the platform positions dynamic authorization across prompts, tools, APIs, and responses.
- Examples of how security by design is mapped to agentic AI guardrails and runtime policy enforcement.
- The article's own framing of least privilege, zero trust, and traceability for agent workflows.
- The vendor's description of platform scale and deployment posture for large identity estates.
👉 Read PlainID's analysis of secured-by-design authorization for agentic AI →
Agentic identity security by design: are access controls keeping up?
Explore further
Security by design is now an identity governance requirement, not a design preference. Once agents can retrieve, decide, and act across multiple systems, security can no longer sit outside the workflow. The article reflects a wider shift in which authorization becomes the mechanism that keeps autonomy within policy. Practitioners should treat agentic access control as a governance layer, not a feature decision.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who is accountable when an AI agent exposes data or calls an unauthorised API?
A: Accountability sits with the organisation that defined the policy, approved the deployment, and owns the control plane around the agent. Teams should assign clear ownership across IAM, security engineering, and the product or workflow owner. Without that, autonomous behaviour becomes an operational gap with no clear remediation path.
👉 Read our full editorial: Agentic identity security by design is becoming the access control test